CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2008-0793

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.0680%
EPSS Percentile5.16th
Published2008年2月15日
Last Modified2026年4月23日

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in search.asp in Tendenci CMS allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) searchtext, (3) jobcategoryid, (4) contactcompany, and unspecified other parameters. NOTE: some of these details are obtained from third party information. NOTE: it is not clear whether this affects Tendenci Enterprise Edition in addition to the product's deployment on Tendenci's own server farm. If only the latter was affected, then this issue should not be included in CVE.

Affected Platforms (CPE)

📦
Tendenci

Cms

All versions

References & Advisories

🔗 http://blog.tendenci.com/2008/02/cross-site-scri.html
🔗 http://holisticinfosec.blogspot.com/2008/02/fastest-fix-in-west-vendors-excellent.html
🔗 http://secunia.com/advisories/28882
🔗 http://www.securityfocus.com/bid/27782
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/40477
🔗 http://blog.tendenci.com/2008/02/cross-site-scri.html
🔗 http://holisticinfosec.blogspot.com/2008/02/fastest-fix-in-west-vendors-excellent.html
🔗 http://secunia.com/advisories/28882

相關漏洞威脅

CVE-2005-400710.0

Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly authorization ch...

CVE-2005-376410.0

The image gallery (imagegallery) component in Exponent CMS 0.96.3 and later versions does not properly check the MIME type of uplo...

CVE-2020-1518810.0

SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute a...

CVE-2006-160410.0

Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unknown impact and remote attack vectors related to variables tha...